fix(msk): allow both sasl/scram and iam auth #31743
base: main
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text `Exemption Request`. Additionally, if clarification is needed add `Clarification Request` to a comment.
@@ -124,7 +124,7 @@ const cluster = new msk.Cluster(this, 'cluster', { | |||
}); | |||
``` | |||
|
|||
### SASL/IAM | |||
### IAM |
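Review bot: the heading change from `### SASL/IAM` to `### IAM` leaves the README without any statement that IAM can now be combined with SASL/SCRAM, which is the point of this PR. Suggest adding a sentence under the new `### IAM` heading saying both can be enabled on the same cluster, and checking for links that still point at the old heading's anchor.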
Removing `SASL` here to avoid confusion.
@@ -422,6 +422,7 @@ exports[`MSK Cluster Snapshot test with all values set 1`] = ` | |||
"CertificateAuthorityArnList": [ | |||
"arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111", | |||
], | |||
"Enabled": true, |
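Review bot: the added `"Enabled": true` next to `CertificateAuthorityArnList` changes the synthesized template for clusters that already use TLS client authentication, which the PR title (SASL/SCRAM plus IAM) does not cover. Suggest calling this out in the PR description and covering it with an explicit assertion in a unit test rather than only this snapshot, so a later regression is attributed to the right property.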
`Enabled` was missing previously. See here.
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
LGTM overall, just some missing regression tests and a style suggestion.
This is probably outside the scope of this PR, but it might be a good idea to expose `Enabled` if a user wants to set the props value but disable the feature. I'm just assuming here, but switching from `Enabled: false` to `Enabled: true` might be faster than updating `CertificateAuthorityArnList` for instance.
}, | ||
}, | ||
}); | ||
}); |
@nmussy I added some additional unit tests
testCases: [stack], | ||
}); | ||
|
||
app.synth(); |
@nmussy I created a new integration test that covers all 3 authentication types. The existing test is costly/timely to deploy 😓
Agree on adding that, perhaps in a follow-on PR. I also think
This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #31743 +/- ##
=======================================
Coverage 81.40% 81.40%
=======================================
Files 223 223
Lines 13727 13727
Branches 2411 2411
=======================================
Hits 11175 11175
Misses 2274 2274
Partials 278 278
LGTM thanks for the changes 👍
Pointed out here and verified in the Console, both `SASL/SCRAM` and `IAM` can be enabled together.

Closes #32779

It's a little confusing because CloudFormation groups `Iam` and `Scram` together under `Sasl`, but the Console separates the two and allows both at the same time. I'd like to refactor this further but this change unblocks the issue where `SASL/SCRAM` and `IAM` cannot be enabled together.
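
A post-synth check for the two template properties this PR touches, as an added example that is not part of the PR or of aws-cdk. It assumes the `AWS::MSK::Cluster` `ClientAuthentication` shape described above (`Iam` and `Scram` nested under `Sasl`, `Tls` alongside); the function name, type names and sample template are constructed for illustration.

```typescript
// Added example; summarizeMskAuth and MskAuthSummary are hypothetical names.
type Json = { [key: string]: any };

interface MskAuthSummary {
  logicalId: string;
  iam: boolean;
  scram: boolean;
  tlsCaCount: number;
  tlsEnabledExplicit: boolean;
  findings: string[];
}

// Walk a synthesized template and report client auth per AWS::MSK::Cluster.
function summarizeMskAuth(template: Json): MskAuthSummary[] {
  const resources: Json = template.Resources ?? {};
  return Object.keys(resources)
    .filter((id) => resources[id].Type === 'AWS::MSK::Cluster')
    .map((id) => {
      const auth: Json = resources[id].Properties?.ClientAuthentication ?? {};
      // CloudFormation nests both Iam and Scram under Sasl.
      const iam = auth.Sasl?.Iam?.Enabled === true;
      const scram = auth.Sasl?.Scram?.Enabled === true;
      const cas: string[] = auth.Tls?.CertificateAuthorityArnList ?? [];
      const tlsEnabledExplicit = auth.Tls?.Enabled === true;
      const findings: string[] = [];
      if (cas.length > 0 && !tlsEnabledExplicit) {
        findings.push('Tls has CertificateAuthorityArnList but no Enabled: true');
      }
      if (!iam && !scram && cas.length === 0) {
        findings.push('no IAM, SCRAM or TLS client authentication configured');
      }
      return { logicalId: id, iam, scram, tlsCaCount: cas.length, tlsEnabledExplicit, findings };
    });
}

// Constructed sample template (ARN and logical ids are placeholders).
const ca = 'arn:aws:acm-pca:us-west-2:111122223333:certificate-authority/EXAMPLE';
const sampleTemplate: Json = {
  Resources: {
    Both: { Type: 'AWS::MSK::Cluster', Properties: { ClientAuthentication: {
      Sasl: { Iam: { Enabled: true }, Scram: { Enabled: true } },
      Tls: { CertificateAuthorityArnList: [ca], Enabled: true } } } },
    OldTls: { Type: 'AWS::MSK::Cluster', Properties: { ClientAuthentication: {
      Tls: { CertificateAuthorityArnList: [ca] } } } },
    Bucket: { Type: 'AWS::S3::Bucket', Properties: {} },
  },
};

for (const s of summarizeMskAuth(sampleTemplate)) console.log(JSON.stringify(s));
```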